<html>
<head>
<title>Store remote iframe document in localStorage</title>
<script type="text/javascript" src="/shared/scripts/testcase.js"></script>
<script type="text/javascript">
if (window.addEventListener) {
	window.addEventListener('load', f, false);
} else if (window.attachEvent) {
	window.attachEvent('onload', f);
} else {
	window.onload = f;
}

function f() {
	var tc = new TestCase();
	tc.input = 'localStorage.setItem("remote_doc", cross_ifr);';
	tc.description = 'Store remote iframe document in localStorage';
	tc.expected_result = "undefined or unsupported or exception occurred";
	try {
		if (localStorage == undefined) {
			tc.test_passed = 'true';
			tc.result = "unsupported";
			tc.output = "undefined";
			tc.saveTest();
			return;
		}
	} catch(e) {
		tc.test_passed = 'true';
		tc.result = "exception occurred";
		tc.output = tc.outputException(e);
		tc.saveTest();
		return;
	}
	// SAME ORIGIN CHECK
	try {
		tc.output += 'SAME ORIGIN\n';
		var same_ifr = document.getElementById('same_ifr');
		localStorage.setItem("local_doc", tc.getOriginDocument(same_ifr));
		tc.output += 'Successfully stored document in local_doc key.\n';
		var same_doc = localStorage.getItem("local_doc");
		tc.output += 'local document data: ' + same_doc + '\n';
	} catch(e) {
		tc.test_passed = 'true';
		tc.result = 'exception occurred';
		tc.output += tc.outputException(e);
		tc.saveTest();
		return;
	}
	
	// CROSS ORIGIN CHECK
	try {
		tc.output += 'CROSS ORIGIN\n';
		var cross_ifr = document.getElementById('cross_ifr');
		localStorage.setItem("remote_doc", tc.getOriginDocument(cross_ifr));
		tc.output += 'Successfully stored remote document in remote_doc key.\n';
		var cross_doc = localStorage.getItem("remote_doc");
		// we get a string back from localStorage.
		if (cross_doc == undefined || cross_doc == "undefined") { 
			tc.test_passed = 'true';
			tc.result = 'undefined';
			tc.output += 'Cross origin document data is undefined';
			tc.saveTest();
			return;
		}
		tc.output += 'Cross origin document data: ' + cross_doc + '\n';
		tc.test_passed = 'false';
		tc.result = 'cross origin data readable';
	} catch(e) {
		tc.test_passed = 'true';
		tc.result = 'exception occurred';
		tc.output += tc.outputException(e);
		tc.saveTest();
		return;
	}
	tc.saveTest();
}
</script>
</head>
<body>
<div>
	<iframe src="http://victim.com/forbidden.html" id="cross_ifr"></iframe>
	<iframe src="/allowed.html" id="same_ifr"></iframe>
</div>
</body>
</html>